General

Target: 02c33e220ec6a0df5a71cf30866e879f_JaffaCakes118
Size: 283KB
Sample: 240427-jpjxpseg81
MD5: 02c33e220ec6a0df5a71cf30866e879f
SHA1: 00e8a11a3720b25df09884eaabb55986f4fb927a
SHA256: 7ce6ddee9192d4d51b389cf8da8d226b51082378253b1c36716fe50b039dea32
SHA512: eb1fe26a5221eaed7057d284eee39d93e01e8375aafc818a5f3b317cd1544940837927d010bafe8b6b419e044b6c7208edf15dce3cd7d494ab8cada9f808c559
SSDEEP: 6144:TvEk52U+T6i5LirrllHy4HUcMQY68wzVdUsBbr/5Q:TEk5N+T5xYrllrU7QY68wzX/i
Static task: static1
Behavioral task: behavioral1
Sample: 02c33e220ec6a0df5a71cf30866e879f_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config

Extracted family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
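The extracted config above is the part of this report most teams act on: the hosts in those URLs go into proxy and DNS log searches. The script below is an added example (not part of the sandbox report or the Sality sample) that turns the six URLs into an indicator set and scans proxy-log lines for them, matching the IP literal exactly and the domain names by suffix so that other subdomains of the same registrable domain are also flagged. The log lines are constructed for the example in Squid native format; the "last two labels" rule used to derive the registrable domain is a simplifying assumption that fits the .info names here but would be wrong for suffixes like .co.uk (use a public-suffix list in production).

```python
"""Scan proxy logs for the C2/update hosts listed in the extracted Sality config.

Added example; the log lines below are constructed, not taken from the report.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# URLs exactly as listed under "Malware Config / Extracted" in the report.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Any absolute http(s) URL inside a log line (the request URL in Squid format).
URL_RE = re.compile(r"\bhttps?://\S+")


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def indicator_set(urls):
    """Lower-cased hosts from the URLs, plus the registrable domain of each name.

    For 'www.klkjwre9fqwieluoi.info' this also adds 'klkjwre9fqwieluoi.info' so
    that other subdomains match. ASSUMPTION: registrable domain = last two
    labels; correct for the .info names here, not for multi-label suffixes.
    IP literals are added as-is and never truncated.
    """
    ioc = set()
    for u in urls:
        host = urlsplit(u).hostname
        if not host:
            continue
        host = host.lower()
        ioc.add(host)
        if not _is_ip(host):
            labels = host.split(".")
            if len(labels) >= 2:
                ioc.add(".".join(labels[-2:]))
    return ioc


def host_matches(host: str, ioc):
    """Return the indicator that `host` matches (exact or as a subdomain), else None."""
    host = host.lower().rstrip(".")
    if host in ioc:
        return host
    for cand in ioc:
        # Require a label boundary: 'notkukutrustnet777.info' must not match.
        if host.endswith("." + cand):
            return cand
    return None


def scan_log(lines, urls=CONFIG_URLS):
    """Return [(line_no, requested_host, matched_indicator), ...] for hits."""
    ioc = indicator_set(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        for m in URL_RE.finditer(line):
            host = urlsplit(m.group(0)).hostname
            if host and (ind := host_matches(host, ioc)):
                hits.append((n, host.lower(), ind))
    return hits


# Constructed Squid native-format log lines (10.0.0.0/8 clients, 203.0.113.0/24 peers).
SAMPLE_LOG = [
    "1714211000.101    312 10.0.0.21 TCP_MISS/200 1843 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.10 image/gif",
    "1714211000.205     88 10.0.0.21 TCP_MISS/404 412 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1714211001.004     45 10.0.0.33 TCP_HIT/200 9981 GET http://example.com/index.html - NONE/- text/html",
    "1714211002.310    120 10.0.0.21 TCP_MISS/200 301 GET http://cdn.kukutrustnet987.info/home.gif - HIER_DIRECT/203.0.113.11 image/gif",
    "1714211003.000     60 10.0.0.40 TCP_MISS/200 512 GET http://www.klkjwre9fqwieluoi.info/ - HIER_DIRECT/203.0.113.12 text/html",
]

if __name__ == "__main__":
    for line_no, host, ind in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {host} matched indicator {ind}")
```

Run as-is it reports four hits (lines 1, 2, 4 and 5 of the constructed log); the example.com request on line 3 is ignored. Feed real proxy lines into `scan_log` and note that line 4 is caught only because of the suffix rule, which is what makes the registrable-domain assumption worth checking before deployment.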
Targets

Target: 02c33e220ec6a0df5a71cf30866e879f_JaffaCakes118
Size: 283KB
MD5: 02c33e220ec6a0df5a71cf30866e879f
SHA1: 00e8a11a3720b25df09884eaabb55986f4fb927a
SHA256: 7ce6ddee9192d4d51b389cf8da8d226b51082378253b1c36716fe50b039dea32
SHA512: eb1fe26a5221eaed7057d284eee39d93e01e8375aafc818a5f3b317cd1544940837927d010bafe8b6b419e044b6c7208edf15dce3cd7d494ab8cada9f808c559
SSDEEP: 6144:TvEk52U+T6i5LirrllHy4HUcMQY68wzVdUsBbr/5Q:TEk5N+T5xYrllrU7QY68wzX/i

Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Modify Registry (9)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)